Spain Leads the Illegal Sale of Cookies on the Dark Web: Risks and How to Protect Yourself

More than 550 million web cookies from Spanish users are for sale on the dark web. We explain what they are, why they pose a real risk, and what you can do to protect your data and your users’ data.

What’s happening with cookies in Spain?

A NordVPN report revealed that Spain is the European country most affected by the illegal sale of web cookies, with more than 554 million exposed. Globally, it ranks 20th.

These web cookies are obtained both through theft via malware and through “legal” transfers to data brokers, due to unclear policies on some websites that lack a solid privacy policy and a visible legal notice.

Why are cookies so valuable?

Web cookies are small files that act as digital keys. In the hands of attackers, they can grant direct access to active accounts such as:

• Email
• Online banking
• Social media
• eCommerce stores

In addition, many contain sensitive identifying data, such as:

• Session IDs
• Names, emails, locations
• Personal preferences
• Even passwords

Without proper cookie management, these cookies can become a major risk for both users and businesses.

How are cookies exfiltrated?

1.“Legal” transfer:
Some websites sell web cookies to data brokers, who then resell them without controlling their final use.

2.Theft through malware:
Through cyberattacks, attackers extract cookies stored in the browser by exploiting system vulnerabilities.

How can you protect yourself?

Here are some key steps you can take:

• Set your cookie preferences: accept only essential cookies and reject third-party ones.
• Clear web cookies and cache regularly: this reduces exposure in case of breaches.
• Use secure browsers and connections: look for the padlock (https) and avoid public networks.
• Install antivirus and antimalware: keep them updated and always active.
• Enable two-factor authentication (2FA): even if a cookie is stolen, it makes access harder.

For digital businesses, adding a clear cookie banner and using a reliable cookie plugin to control installation and consent is essential to comply with web data protection and eCommerce legal requirements.

Privacy vs. convenience: the eternal dilemma

Web cookies enable a better digital experience but can put your privacy at risk if not managed properly. The key is to accept only what’s necessary, keep your browser clean, and use tools that protect your data.

What does Lawwwing do to help you?

At Lawwwing, we help you understand and manage these risks:

• You stay compliant with the law and protect your users, without hassle.
• Our cookie banner detects all the web cookies installed on your site.
• You can easily monitor them with a simple cookie management system and check that none are out of place.

In addition, as a legal tech platform, Lawwwing helps you keep your website up to date on web data protection, legal notices, and privacy policies.